{"id":"ASB-A-436580278","details":"In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-436580278","CVE-2025-48623"],"modified":"2026-04-17T15:55:28.020024Z","published":"2025-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-12-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2025-12-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81","https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895"],"vanir_signatures":[{"target":{"file":"arch/arm64/kvm/hyp/nvhe/pkvm.c","function":"init_pkvm_hyp_vcpu"},"signature_type":"Function","id":"ASB-A-436580278-32214e56","digest":{"length":1412,"function_hash":"131869207249152044642128437608415532638"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81"},{"target":{"file":"arch/arm64/kvm/hyp/nvhe/pkvm.c"},"signature_type":"Line","id":"ASB-A-436580278-4d2669a6","digest":{"threshold":0.9,"line_hashes":["326118583415893137817933218525750139875","146909942768788339309673704799148473338","324510009707059484238981277716417677465","40045927403040859855862745724553424554","224952189961902143946865464159773337831","21036826216666020181881630440408284634","218585340547388096669683246519936461829"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895"},{"target":{"file":"arch/arm64/kvm/hyp/nvhe/pkvm.c","function":"init_pkvm_hyp_vcpu"},"signature_type":"Function","id":"ASB-A-436580278-78939954","digest":{"length":1278,"function_hash":"288353721847074805069654069000514111339"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895"},{"target":{"file":"arch/arm64/kvm/hyp/nvhe/pkvm.c"},"signature_type":"Line","id":"ASB-A-436580278-f9b3d4f3","digest":{"threshold":0.9,"line_hashes":["312137642325817340013566362473081648660","146909942768788339309673704799148473338","324510009707059484238981277716417677465","40045927403040859855862745724553424554","224952189961902143946865464159773337831","21036826216666020181881630440408284634","218585340547388096669683246519936461829"]},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81"}],"types":["EoP"],"spl":"2025-12-05","severity":"Critical"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-436580278.json"}}],"schema_version":"1.7.5"}